Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
734088
AlmaLinux
5131
Alpaquita
10949
Alpine
4284
Android
2912
Azure Linux
12016
BellSoft Hardened Containers
521
Bitnami
8161
Chainguard
7206
CleanStart
1516
CRAN
14
crates.io
2490
Debian
58684
Echo
4122
GHC
3
GIT
90224
GitHub Actions
54
Go
7848
Hackage
32
Hex
142
Julia
958
Linux
25071
Mageia
6002
Maven
6604
MinimOS
75252
npm
220938
NuGet
1750
opam
18
openEuler
7055
openSUSE
13137
OSS-Fuzz
3946
Packagist
6560
Pub
11
PyPI
20293
Red Hat
20783
Rocky Linux
3497
Root
16051
RubyGems
2000
SUSE
20930
SwiftURL
58
TuxCare
5803
Ubuntu
56317
VSCode
20
Wolfi
4725
ID
Packages
Summary
Published
arrow_upward
Attributes
CVE-2026-49220
github.com/jellyfin/jellyfin
Jellyfin: Potential XSS in user management
yesterday
Fix available
Severity - 5.7 (Medium)
CVE-2026-48793
github.com/jellyfin/jellyfin
Jellyfin: Potential FFmpeg argument injection via unescaped subtitle file path
yesterday
Fix available
Severity - 8.8 (High)
CVE-2026-49246
github.com/jellyfin/jellyfin
Jellyfin: Potential MKV attachment filename path traversal to RCE
yesterday
Fix available
Severity - 1.7 (Low)
CVE-2026-49247
github.com/jellyfin/jellyfin
Jellyfin: Potential Authenticated path traversal in /ClientLog/Document
yesterday
Fix available
Severity - 8.8 (High)
CVE-2026-53943
github.com/tryghost/ghost
Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header
yesterday
Fix available
Severity - 9.6 (Critical)
CVE-2026-53944
github.com/tryghost/ghost
Ghost: Private IP filtering bypass to make server-side requests to internal services
yesterday
Fix available
Severity - 5.8 (Medium)
CVE-2026-53945
github.com/tryghost/ghost
Ghost: Server-side request forgery via DNS rebinding in external request handling
yesterday
Fix available
Severity - 4.0 (Medium)
CVE-2026-53946
github.com/tryghost/ghost
Ghost: Mobiledoc image-size fetch SSRF
yesterday
Fix available
Severity - 5.4 (Medium)
CVE-2026-53947
github.com/tryghost/ghost
Ghost: Member existence leak via magic link sign-in response
yesterday
Fix available
Severity - 5.3 (Medium)
CVE-2026-53948
github.com/tryghost/ghost
Ghost: File Upload Content-Type Spoofing
yesterday
Fix available
Severity - 5.4 (Medium)
CVE-2026-53949
github.com/tryghost/ghost
Ghost Content API filter bypass reveals private fields
yesterday
Fix available
Severity - 5.3 (Medium)
CVE-2026-53950
github.com/tryghost/ghost
@tryghost/activitypub: XSS in Ghost's ActivityPub client
yesterday
Fix available
Severity - 7.5 (High)
CVE-2026-49980
github.com/rclone/rclone
Rclone: Unauthenticated command execution in
`
rclone rcd --rc-serve
`
via inline remote instantiation, bypassing CVE-2026-41179 fix
yesterday
Fix available
Severity - 9.8 (Critical)
CVE-2026-44017
github.com/docling-project/docling
Docling: Unsafe Zip Extraction in EasyOCR Model Download
yesterday
Fix available
Severity - 7.5 (High)
CVE-2026-44022
github.com/docling-project/docling
Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
yesterday
Fix available
Severity - 5.5 (Medium)
CVE-2026-44020
github.com/docling-project/docling
Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
yesterday
Fix available
Severity - 7.5 (High)
Load more...
GIT - OSV